Ifunyenwe kulo nyaka ivumela nawuphi na umsebenzisi we-domain ukuba afumane amalungelo omlawuli we-domain kunye nokuthomalalisa i-Active Directory (AD) kunye nezinye iinginginya eziqhagamshelweyo. Namhlanje siza kukuxelela indlela olu hlaselo lusebenza ngayo kunye nendlela yokulufumana.
Nantsi indlela olu hlaselo lusebenza ngayo:
- Umhlaseli uthatha iakhawunti yakhe nawuphi na umsebenzisi wedomeyini ngebhokisi yeposi esebenzayo ukuze abhalisele isiciko sesaziso sokutyhala esivela kuTshintsho.
- Umhlaseli usebenzisa i-NTLM relay ukukhohlisa umncedisi woTshintshiselwano: ngenxa yoko, iseva yoTshintshiselwano idibanisa kwikhompyutheni yomsebenzisi ophazamisekileyo usebenzisa i-NTLM phezu kwendlela ye-HTTP, apho umhlaseli ayisebenzisayo ukuqinisekisa kumlawuli wesizinda nge-LDAP nge-akhawunti yoTshintsho lweziqinisekiso.
- Umhlaseli uphela esebenzisa ezi ziqinisekiso zeakhawunti yoTshintsho ukunyusa amalungelo abo. Eli nyathelo lokugqibela linokwenziwa ngumlawuli onobutshaba osele enofikelelo olusemthethweni ukwenza utshintsho oluyimfuneko lwemvume. Ngokudala umgaqo wokubona lo msebenzi, uya kukhuselwa kule nto kunye nokuhlaselwa okufanayo.
Emva koko, umhlaseli anokuthi, umzekelo, aqhube i-DCSync ukufumana amagama ayimfihlo akhawulezayo kubo bonke abasebenzisi kwisizinda. Oku kuya kumvumela ukuba enze iintlobo ezahlukeneyo zokuhlaselwa - ukusuka kuhlaselo lwetikiti legolide ukuya kwi-hash transmission.
Iqela lophando lweVaronis liye lafunda le vector yokuhlaselwa ngokubanzi kwaye yalungiselela isikhokelo kubathengi bethu ukuba basibhaqe kwaye ngexesha elifanayo bahlole ukuba sele bephazamisekile.
UkuFunyaniswa kokuNyuswa kweLungelo leDomain
В Yenza umgaqo wesiko ukulandelela utshintsho kwiimvume ezithile kwizinto. Iya kuqhutywa xa isongeza amalungelo kunye neemvume kwinto enomdla kwisizinda:
- Chaza igama lomgaqo
- Seta udidi "Unyuso lwelungelo"
- Cwangcisa uhlobo lobutyebi ku "Zonke iindidi zoovimba"
- Umncedisi weFayile = IiNkonzo zeeNkonzo
- Chaza i-domain onomdla kuyo, umzekelo, ngegama
- Yongeza icebo lokucoca ukongeza iimvume kwi AD into
- Kwaye ungalibali ukushiya ukhetho "Khangela kwizinto zomntwana" ungakhethwanga.
Kwaye ngoku ingxelo: ukufumanisa utshintsho kumalungelo kwinto yesizinda
Utshintsho kwiimvume ze-AD lunqabile, ngoko ke nantoni na ebangele esi silumkiso kufuneka kwaye iphandwe. Kuya kuba ngumbono olungileyo ukuvavanya inkangeleko kunye nomxholo wengxelo ngaphambi kokuqalisa umthetho ngokwawo edabini.
Le ngxelo iya kubonisa ukuba sele uchaphazelekile kolu hlaselo:
Nje ukuba umthetho usebenze, ungaphanda zonke ezinye iziganeko zokunyuka kwamalungelo usebenzisa ujongano lwewebhu lweDatAlert:
Nje ukuba uqwalasele lo mgaqo, ungabeka iliso kwaye ukhusele kwezi kunye neendidi ezifanayo zobuthathaka bokhuseleko, uphande ngeziganeko ngeenkonzo zolawulo lwe-AD, kwaye ubone ukuba uyachaphazeleka kobu buthathaka bubalulekileyo.
umthombo: www.habr.com
